OpenClaw Overtakes React as GitHub’s Most-Starred Project
In just 60 days, the open-source AI agent project OpenClaw has rocketed past 250,000 GitHub stars, surpassing React to become the most-starred software project on the platform. The milestone, reached in March 2026, follows a January surge that saw GitHub stars cross 100,000 and community traffic hit 2 million unique visitors in a single week.
Created by independent developer Peter Steinberger, OpenClaw offers a self-hosted, persistent AI assistant that runs locally or on private servers. Unlike cloud-dependent AI tools, it does not require external APIs, giving users full control over their data and agent behavior.
Background: What Is OpenClaw?
Most AI agents today execute a single prompt, complete a defined task, and shut down. OpenClaw operates differently. It runs continuously in the background on a “heartbeat” — at regular intervals, it checks its task list, evaluates priorities, and either acts or waits.
Steinberger described the concept in a recent interview: “We designed OpenClaw to be a long-running digital worker, not a one-shot responder. It only surfaces when a human decision is required, making it ideal for complex workflows.”
Security Concerns Spark Broader Debate
OpenClaw’s meteoric rise has not been without controversy. Security researchers have flagged risks around self-hosted AI tools, including unmanaged sensitive data, weak authentication, and exposure to malicious code in community forks. One researcher, Dr. Lena Choi of the CyberAI Institute, warned: “Local deployments can create blind spots. Without rigorous patch management, a single unpatched server instance can become a foothold for attackers.”
The project’s maintainers have acknowledged these challenges. In a community post, they emphasized that “security is a continuous process, and we are working to harden the codebase while preserving OpenClaw’s open and autonomous nature.”
NVIDIA Steps In to Strengthen Security
To address vulnerabilities, NVIDIA has partnered with Steinberger and the OpenClaw developer community. According to an NVIDIA blog post, the company is contributing code and guidance focused on model isolation, local data access management, and verification of community contributions.
NVIDIA’s VP of Open-Source AI, Mark Torres, stated: “We believe in open, transparent collaboration. Our goal is to apply our security and systems expertise to help OpenClaw scale safely, without compromising its independent governance.”
The collaboration also includes the release of NVIDIA NemoClaw, a reference implementation that enables one-command installation of OpenClaw alongside NVIDIA’s OpenShell secure runtime and hardened default settings for networking and data access.
What This Means for Organizations
For enterprises, OpenClaw represents a powerful yet risky tool. The ability to run long-running autonomous agents locally can reduce cloud costs, improve response times, and keep sensitive data on-premises. But it also demands new security protocols and internal governance.
“Organizations must ask: Who maintains this agent? How do we audit its decisions? And what happens if a fork introduces a backdoor?” said cybersecurity consultant James Huang. “The trade-off between autonomy and control is real.”
Learn more about how OpenClaw works and explore the security implications.
Editor’s note: This article is part of a series examining emerging open-source AI tools and their impact on enterprise operations. Follow the Nemotron Labs blog for deeper technical analysis.